F. Paul Greene, CIPP/US, CIPP/E, CIPM, FIP, partner and chair of our Privacy and Data Security team, shared insight on the recently enacted Senate Bill 6 (SB6) in Connecticut in his article for New York Law Journal. In “The Balkanization of U.S. Privacy Law Continues With Connecticut’s SB6,” Paul explains that SB6 is one of several comprehensive state-law data protection regimes passed in recent years; starting with the California Consumer Privacy Act (CCPA), passed in 2018, New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act, effective as of October 2019, and the Consumer Data Protection Act (CDPA) in Virginia and the Colorado Privacy Act, both passed in 2021. Paul states, “With the adoption of CDPA in Virginia, and now SB6 in Connecticut, the momentum in state houses seems to have shifted to the statute-only approach, which mitigates some of the complexity created via the regulatory process.” However, Paul continues, “This combination of increased rate of change, and the potential for conflicting administrative guidance from various jurisdictions, makes it impossible for many organizations to understand with certainty what their data protection obligations will be, even in the near future.” Paul recommends that privacy practitioners and counsel remain flexible, and adapt not only to new regimes like SB6, but also changing consumer expectations and expanding agency guidance, at least for the short term.
To view the article on New York Law Journal’s website, click here.